Last Updated on 06/02/2022 by Nidhi Khandelwal
The Cerber ransomware organization has been attacking victims all around the world since last month. Both Windows and Linux encryptors were used by the ransomware operators.
There is no code from the earlier ransomware family in the new variant. It makes use of the Crypto++ library, whereas the previous version made use of the Windows CryptoAPI libraries.
Because of the code differences and the lack of Linux variants in prior versions, it’s possible that a new threat actor has begun using the name, Tor payment site, and ransom letter of the older versions.
The updated version adds the .locked extension to the ‘ $$RECOVERY README$$ .html’ ransom notes.
The new Cerber ransomware organization demands a ransom of $1,000 to $3,000 from victims after successful infection.
The new attack uses newly discovered vulnerabilities in GitLab and Atlassian Confluence to target servers.
Cerber takes advantage of a remote code execution flaw in GitLab’s ExifTool component, identified as CVE-2021-22205. The flaws can be exploited remotely without requiring authentication.
Furthermore, both vulnerabilities have publicly available proofs of concept, making it simple for attackers to target systems.
Recent attacks have primarily targeted the United States, Germany, and China. They’ve even targeted Russia, demonstrating that they’re not targeting any one place in particular.
Cybercriminals are continuously looking for exploitable flaws in popular enterprise software. Applying the security patches for Atlassian Confluence and GitLab is the best defense against the latest Cerber assaults.